Imaging systems with data encryption and embedding capabalities

ABSTRACT

An imaging system may embed encrypted data into image data. The imaging system may generate image data in response to light received at a pixel array. The imaging system may include encryption circuitry that accesses an encryption key. The encryption circuitry may receive data related to the imaging system and/or to an environment in which an image is captured and encrypt the data using the encryption key. The imaging system may include data embedding circuitry that embeds the encrypted data into the image data to generate an output image. The components of the imaging system may be formed on a single imaging system chip. The encrypted data embedded in the output image may be extracted using an extraction engine and decrypted using a decryption engine and decryption key such that the data may be accessed by a user with access to the decryption key.

This application is a continuation of U.S. patent application Ser. No.14/667,406, filed Mar. 24, 2015, which is hereby incorporated byreference herein in its entirety. This application claims the benefit ofand claims priority to U.S. patent application Ser. No. 14/667,406,filed Mar. 24, 2015.

BACKGROUND

This relates generally to imaging systems, and more particularly, toimaging systems with data encryption capabilities.

Modern electronic devices such as cellular telephones, cameras, andcomputers often use digital image sensors. Imagers (i.e., image sensors)often include a two-dimensional array of image sensing pixels. Eachpixel typically includes a photosensor such as a photodiode thatreceives incident photons (light) and converts the photons intoelectrical signals. These electrical signals are converted into imagedata (i.e., digital image data) that is be used to generate an image.

It is sometimes desirable to include additional data in an imagegenerated by an image sensor. For example, images can include datarelated to the image sensor that captured the image (i.e., manufacturerinformation, serial number, sensor specifications or statistics, etc.),information relating to the environment in which the image was captured(i.e., date, time, location, other environmental information, etc.),image headers, timestamps, checksums, watermarks, or other desiredinformation.

Additional data included in images generated by conventional imagesensors is typically accessible to any user that has access to theimage. For example, any user with access to an image generated by aconventional image sensor will be able to access and alter theadditional data that is included in the image, such as data identifyingthe image sensor that captured the image or a timestamp indicating whenthe image was captured. The digital image data in images generated byconventional image sensors can also be altered (i.e., the digital imagedata may be modified by a user with access to the image). In this way,images generated by conventional image sensors are susceptible tounauthorized tampering and other alterations that change the informationincluded in the image. These alterations can be undetectable to anotheruser who subsequently views the image. Such unauthorized tampering withthe image and additional data included with the image can make itdifficult for a desired end user of the image to determine theauthenticity of the image and the additional data included with theimage.

It would therefore be desirable to provide systems and methods forgenerating images including embedded information.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram of an illustrative electronic device that mayinclude an imaging system with encryption capabilities in accordancewith an embodiment of the present invention.

FIG. 2 is diagram of an illustrative imaging system including circuitryfor encrypting and embedding data into an image in accordance with anembodiment of the present invention.

FIG. 3 is a diagram of illustrative computing equipment for extractingand decrypting encrypted data that is embedded in an image in accordancewith an embodiment of the present invention.

FIG. 4 is a flow chart of illustrative steps that may be performed by animaging system of the type shown in FIG. 2 to generate an image in whichencrypted data may be embedded in accordance with an embodiment of thepresent invention.

FIG. 5 is a flow chart of illustrative steps that may be performed bycomputing equipment of the type shown in FIG. 3 to extract and decryptencrypted data that is embedded in an image in accordance with anembodiment of the present invention.

FIG. 6 is a block diagram of a processor system that may employ theembodiments of FIGS. 1-5 in accordance with an embodiment of the presentinvention.

DETAILED DESCRIPTION

Electronic devices and systems such as digital cameras, computers,cellular telephones, and other electronic devices may include imagingsystems that gather incoming light to capture an image. Electronicdevices including imaging systems may also be integrated into othersystems, such as into vehicles, security systems, and other systems thatmay monitor an environment. Imaging systems may include image sensorsthat include arrays of image pixels. The pixels in the image sensors mayinclude photosensitive elements such as photodiodes that convert theincoming light into image signals. Image sensors may have any number ofpixels (e.g., hundreds or thousands or more). A typical image sensormay, for example, have hundreds of thousands or millions of pixels(e.g., megapixels). Imaging systems may include control circuitry suchas circuitry for operating the image pixels and readout circuitry forreading out image signals corresponding to the electric charge generatedby the photosensitive elements.

FIG. 1 is a diagram of an illustrative electronic device that includesan imaging system. Electronic device 10 (sometimes referred to herein asan apparatus or device) of FIG. 1 may be a portable electronic devicesuch as a camera, a cellular telephone, a tablet computer, a webcam, avideo camera, a video surveillance system, an automotive imaging system,a video gaming system with imaging capabilities, or any other desiredimaging system or device that captures digital image data. Device 10 mayinclude one or more imaging systems such as imaging system 12 (sometimesreferred to herein as a system, imaging device, imaging equipment,imaging circuitry, image sensor integrated circuit, image sensor chip,or imaging chip). Imaging system 12 may be used to convert incominglight into digital image data. Imaging system 12 may include one or morecorresponding image sensors 14 (sometimes referred to herein as animager). During image capture operations, light from a scene may befocused onto image sensor 14. Image sensor 14 may include an array ofpixels such as pixel array 16 (sometimes referred to herein as array16).

Pixels in pixel array 16 may generate image signals in response toreceiving light from a scene. For example, pixels in array 16 mayinclude photosensitive elements such as photodiodes that convertincoming light into electric charge. Image pixels in pixel array 16 maybe connected to pixel control and readout circuitry. Image pixels inpixel array 16 may be controlled using pixel control and readoutcircuitry. Pixel control and readout circuitry may include any desiredpixel control and/or readout circuitry (e.g., row control circuitry,column read out circuitry, etc.). Pixel control and readout circuitrymay include circuitry for converting analog image signals intocorresponding digital image pixel data (e.g., a respective pixel valuegenerated by each image sensor pixel). Pixel values generated by pixelarray 16 and associated pixel control and readout circuitry may beprovided to image processing and data formatting circuitry 18 (sometimesreferred to herein as data formatting circuitry 18, formatting circuitry18, image processing circuitry 18, or processing circuitry 18) via acommunications path such as path 20. Image processing and dataformatting circuitry 18 may include circuitry for processing digital oranalog image signals (e.g., digital image pixel data). For example,image processing and data formatting circuitry 18 may perform colorcorrection operations, filtering operations, sharpening operations,compression operations, or any other suitable operations on image pixeldata generated by image sensor 14. If desired, pixel values and/ordigital image data generated by image sensor 14 and processed by imageprocessing and data formatting circuitry 18 may be transmitted via path34 (or any other suitable communications path) to components of hostsubsystem 36 such as input/output devices 38 and storage and processingcircuitry 40. In one example, host subsystem 36 may include sensors 43and/or additional encryption circuitry 42 that may receive data fromand/or transmit data to components of imaging device 12 overcommunications path 34 or any other suitable communications path.

Imaging system 12 may include encryption circuitry 22 (sometimesreferred to herein as an encryption engine, encryption hardware, dataencryption hardware, encryption system, or encrypter). Encryptioncircuitry 22 may perform encryption operations on desired data.Encryption circuitry 22 may perform encryption operations using acryptographic key such as encryption key 24 (sometimes referred toherein as a key, private key, or private encryption key) to encrypt dataprovided to encryption circuitry 22. Encryption key 24 may, for example,be a private key of an asymmetric cryptographic key pair. Key 24 may,for example, only be available to a user of electronic device 10.Private key 24 may be used to encrypt data and a corresponding publickey of the asymmetric key pair may be used to decrypt the data encryptedby the private key. This example is merely illustrative. In general, anydesired cryptographic key may be used (e.g., a key of an asymmetric keypair, a key of a symmetric key pair, etc.).

If desired, encryption key 24 may be stored on electronic device 10 orimaging system 12 and/or may be provided as needed by a user (e.g.,using an input device for receiving the private key as a user input fromthe user). For example, encryption key 24 may be stored on storagecircuitry or in memory on system 13. In one suitable scenario,encryption key 24 may be stored on read-only memory (e.g., one-timeprogrammable memory) that is included in electronic device 10. Forexample, encryption key 24 may be stored on read-only memory that isincluded in electronic device 10 as a component of imaging system 12. Insuch an arrangement, encryption circuitry 22 may access encryption key24 through communications path 28. In another suitable scenario,encryption key 24 may be incorporated into memory that is included inencryption circuitry 22, image sensor 14, or image processing and dataformatting circuitry 18. In one example, encryption key 24 may be storedon a component of electronic device 10 that is separate from imagingsystem 12. For example, encryption key 24 may be incorporated into hostsubsystem 36 as a component of additional encryption circuitry 42. Insuch an illustrative example, encryption circuitry 22 may access anencryption key 24 in additional encryption circuitry 42 through path 34.In yet another scenario, encryption key 24 may be stored external toelectronic device 10. For example, encryption key 24 may be stored on akey server or other remote storage medium. In such an example,encryption circuitry 22 may access encryption key 24 through a wired orwireless connection, or any other suitable communications path. Ifdesired, encryption circuitry 22 (or other suitable memory on whichencryption key 24 is stored) may transmit encryption key 24 to othercomponents of electronic device 10 or allow other components ofelectronic device 10 to otherwise access encryption key 24.

In an illustrative scenario sometimes described herein as an example,encryption key 24 may be incorporated into imaging system 12 on a singlechip that includes the other components of imaging system 12. In such anexample, encryption key 24 may be stored on read-only memory that isincluded in imaging system 12. Such read-only memory on which encryptionkey 24 is stored may be formed on a single image sensor chip thatincludes other components of imaging system 12 such as image sensor 14,image processing and data formatting circuitry 18, encryption circuitry22, and data embedding circuitry 26. In one illustrative example, all ofthe components of imaging system 12 may be formed on a common chip(e.g., a single silicon image sensor chip) that includes encryption key24. Storing encryption key 24 on read-only memory that is incorporatedonto a common chip with other components of imaging system 12 may limitaccess to encryption key 24. For example, in order to access encryptionkey 24, the encryption key would either have to be known at the timethat the encryption key was written to the read-only memory (or othercomponent of imaging system 12, such as encryption circuitry 22), or thecomponent of imaging system 12 into which encryption key 24 isincorporated would have to be accessed on the chip, and the encryptionkey would have to be decoded. If desired, encryption key 24 may not bereadable by off-chip components (e.g., components in electronic device10 that are not formed on a single chip with the components of imagingsystem 12, or external components separate from electronic device 10).Encryption circuitry 22 may be the only component of imaging system 12with access to encryption key 24, and may generate and transmitencrypted data to other components of imaging system 12 and/orelectronic device 10 without providing access to encryption key 24. Thisgreatly limits the potential for encryption key 24 to be availableoutside of the component of imaging system 12 into which it isincorporated. In this manner, it may be difficult to generate dataencrypted by encryption key 24 unless that data was encrypted by thestored copy of encryption key 24 that is incorporated into imagingsystem 12. This ensures that data encrypted using encryption key 24originated from the imaging system 12 into which it is incorporated.This may be used to verify the source of data encrypted using encryptionkey 24.

Encryption circuitry 22 may receive any suitable data for encrypting.Encryption circuitry 22 may receive data from electronic device 10,imaging system 12, image sensor 14, pixel array 16, image processing anddata formatting circuitry 18, or any other suitable component ofelectronic device 10. In one suitable example, encryption circuitry 22may receive data that includes identifying information for imagingsystem 12 (e.g., a serial number, a manufacturer identification, anidentification number or code, etc.). Encryption circuitry 22 mayreceive data that includes time information or any other desiredinformation, such as data that indicates a time at which an image wascaptured by imaging system 12, a location at which an image was captured(e.g., using a global-positioning-system incorporated on device 10),environmental conditions that were present when an image was captured(e.g., device orientation, momentum, acceleration, temperature, ambientlight, velocity, system time, etc.). This, however, is merelyillustrative. Any data (sometimes referred to herein as image metadataor metadata) received at encryption circuitry 22 may provide informationrelating to any suitable property or characteristic of imaging system12, image sensor 14, or any other component of electronic device 10, and/or images captured therewith.

In one illustrative example, data may be received at encryptioncircuitry 22 from sources external to imaging system 12. For example,host subsystem 36 may include one or more sensors 43 (e.g., motionsensors, temperatures sensors, global positioning system hardware,ambient light sensors, etc.) that may generate and provide data toimaging system 12 through signal path 34. Data provided by sensors 43may be temporally associated with image data generated by imaging system12 such that the image data generated by imaging system 12 and the dataembedded in the image data (e.g., data from sensors 43) are generated atthe same time. If desired, sensors 43 may be incorporated into imagingsystem 12 (e.g., temperature sensors may be included in image sensor 14)or may be provided as components that are external to electronic device10.

Encryption circuitry 22 may use encryption key 24 to encrypt receiveddata to generate encrypted data. In one illustrative example, encryptionkey 24 may be a private key stored at read-only memory on a common chipthat includes the other components of imaging system 12. In such anexample, encryption circuitry 22 may receive data and may accessencryption key 24 to encrypt the received data. In this way, datareceived at encryption circuitry 22 (e.g., time information, locationinformation, etc.) may be encrypted using encryption key 24, which mayonly be accessible to encryption circuitry 22 in imaging system 12.

Imaging system 12 may include data embedding circuitry 26 (sometimesreferred to herein as embedding hardware, data embedding hardware, dataembedder, embedder, or embedder circuitry). Data embedding circuitry 26may receive digital image data from image processing and data formattingcircuitry 18 through path 32 (or any other suitable communicationspath). Data embedding circuitry 26 may receive encrypted data (e.g.,encrypted image metadata) from encryption circuitry 22 through path 30(or any other suitable communications path). In one suitable example,data embedding circuitry may embed encrypted data received fromencryption circuitry 22 into digital image data received from imageprocessing and data formatting circuitry 18. For example, data embeddingcircuitry 26 may embed encrypted metadata into received image data suchthat the encrypted metadata and image data are a part of a single set ofdata (e.g., an image frame including both the encrypted metadata and theimage data). In one illustrative example, data embedding circuitry 26may render the encrypted data indistinguishable from the image data inwhich it is embedded. For example, data embedding circuitry 26 may embedencrypted data received from encryption circuitry 22 as a watermark inan image generated by imaging system 12, such that the data embedded inthe image is not detectable to a user viewing the image.

In one illustrative scenario, data embedding circuitry 26 may embedencrypted data received from encryption circuitry 22 into an imageheader. In such an example, a user with access to the image may be ableto detect that there is data embedded in the image header file (e.g., auser with access to the image may access the image header file todetermine the presence of embedded data). In such an illustrativeexample, however, the embedded data has been encrypted by encryptioncircuitry 22. Therefore, even if a user can detect the informationembedded in the image header, the user has no way of determining whatinformation is contained in the data or altering the data unless theuser has a corresponding key that allows the encrypted data to bedecrypted (e.g., a public key corresponding to private key 24). It isalso possible that a user with access to such an image may be able todetermine what information is included in the image header (i.e., theuser can access the data), but the user is still unable to alter thedata without access to the decryption key. In this way, additional datamay be embedded into a digital image in a manner that prevents the datafrom being modified or otherwise tampered with. This may ensure theintegrity of the data embedded in the image.

In one illustrative example, a user may have access to the decryptionkey and may be able to extract and decrypt the embedded data. However,such a user does not have access to the encryption key 24 (because, forexample, encryption key 24 is only accessible by encryption circuitry 22in imaging system 12) and therefore cannot re-encrypt the data. In thisway, the presence of encrypted data (e.g., data encrypted usingencryption key 24 that can be decrypted using the corresponding publicdecryption key) in an image may serve as an implicit verification of theintegrity of the encrypted data since the data could not have beenaltered and then re-encrypted.

In one example, imaging system 12 may capture video images (e.g.,multiple image frames that are captured and combined into a video) inwhich encrypted image data may be embedded. In such an example,encrypted image data may be embedded into one or more of the frames ofimage data in the video and/or into multiple frames of a video image.For example, each frame in a video image segment may include the sameencrypted data embedded therein, or different encrypted data may beembedded in different frames that make up a single video segment. Ingeneral, the data that is embedded in the frames of the video image datamay be data related to an individual frame or frames of the video image(e.g., each frame may have data related to the frame itself embeddedtherein) or a segment of the video image data. If desired, video imagedata may be stored in a video file in which encrypted data may beembedded. For example, a video image file may include multiple frames ofimage data that are combined into a video and encrypted data that isembedded in the video image file in the form of an image header ortimestamp (as examples). If desired, video images may be captured havingdata embedded in any combination of individual frames, segments, andfiles of the video image data.

Imaging system 12 may be in communication with host subsystem 36 throughpath 34. For example, imaging system 12 may transmit data from imageprocessing and data formatting circuitry 18, encryption circuitry 22,data embedding circuitry 26, or other components of imaging system 12 tocomponents of host subsystem 36 such as input/output devices 38 andstorage and processing circuitry 40.

Storage and processing circuitry 40 may include one or more integratedcircuits (e.g., image processing circuits, microprocessors, storagedevices such as random-access memory and non-volatile memory, etc.) andmay be implemented using components that are separate from imagingsystem 12 and/or that form part of imaging system 12 (e.g., circuitsthat form part of an integrated circuit that includes image sensor 14 oran integrated circuit within imaging system 12 that is associated withimage sensors 14). Storage and processing circuitry 40 may includevolatile and nonvolatile memory (e.g., random-access memory, flashmemory, hard drives, solid state drives, etc.). Storage and processingcircuitry 40 may also include processors such as microprocessors,microcontrollers, digital signal processors, application specificintegrated circuits, etc. Image data that has been captured by imagingsystem 12 may be processed and stored using storage and processingcircuitry 40 (e.g., using an image processing engine on storage andprocessing circuitry 40, using an imaging mode selection engine onstorage and processing circuitry 40, etc.). Processed image data may, ifdesired, be provided to external equipment (e.g., a computer, externaldisplay, or other device) using wired and/or wireless communicationspaths coupled to storage and processing circuitry 40. For example, imagedata processed by storage and processing circuitry 40 may be displayedto a user using input/output devices 38, or may be stored on electronicdevice 10 using storage circuitry included in host subsystem 36. Hostsubsystem 36 may include input/output devices 38 such as projectors,keypads, input-output ports, and displays. Input/output devices 38 mayinclude a display that presents information to a user of an electronicdevice that includes electronic device 10. Images generated by imagingsystem 12 may be transmitted to components of host subsystem 36 forpresentation to a user (using, for example, input/output devices 38) forstorage (on storage and processing circuitry 40, for example).

The examples described above in which the components of imaging system12 such as image sensor 14, pixel array 16, image processing and dataformatting circuitry 18, encryption circuitry 22, encryption key 24, anddata embedding circuitry 26 are all formed on a common image sensor chipare merely illustrative. In general, any components of imaging system 12may be formed on any suitable number or configuration of imaging systemchips in electronic device 10. For example, the components of imagingsystem 12 may be formed on multiple different chips. In such anillustrative example, the multiple different chips and componentsthereon may be connected by suitable wired or wireless communicationspaths.

FIG. 2 is illustrative diagram of an imaging system such as imagingsystem 12 that may be included in electronic device 10. Imaging system12 may be an imaging system including multiple components mounted on asingle chip 13 (sometimes referred to herein as a common chip, an imagesensor integrated circuit, an imager chip, or chip). In the illustrativeexample of FIG. 2, imaging system 12 includes an image sensor 14 (whichmay include a pixel array 16), image processing and data formattingcircuitry 18, encryption circuitry 22, and data embedding circuitry 26.As described above in connection with FIG. 1, encryption circuitry 22may receive data such as internal data 44 and/or external data 46.Internal data 44 and/or external data 46 may sometimes be referred toherein as image metadata or metadata, and may include informationrelating to images captured by electronic device 10 or the imagingsystem 12 used to capture such images. In one illustrative example,internal data 44 may include data that is stored in imaging system 12(e.g., data that is stored on memory such as random-access memory ornon-volatile memory). Such memory may be formed on the same chip 13 asthe other components of imaging system 12. Internal data 44 may includeinformation about imaging system 12 and the components included therein.For example, internal data 44 may include data that identifies theimaging system 12 using a serial number, manufacturer code, a uniqueidentifier code, or another unique identifier. Such identifyinginformation may identify the source of imaging system 12 or thecomponents contained therein (e.g., internal data 44 may includeinformation that is unique to imaging system 12). Internal data 44 maybe encrypted and embedded into images generated by imaging system 12 toprovide information relating to the source of the images or theenvironment in which the images were captured while guaranteeing thatsuch information originated from imaging system 12 (i.e., the data hasnot been tampered with).

In one illustrative example, encryption circuitry 22 may receive datathat is stored or generated external to imaging system 12, such asexternal data 46. In such an illustrative embodiment, encryptioncircuitry 22 may receive data from other components of electronic device10 including host subsystem 36 and components such as input/outputdevices 38, sensors 43, and storage processing circuitry 40 containedtherein. In one suitable scenario, encryption circuitry 22 may receivedata from an external device that is separate from electronic device 10.For example, encryption circuitry 22 may receive external data from anadditional electronic device that includes information relating to theenvironment in which imaging system 12 is located. External data 46 mayinclude temperature data, location data, time data, date data,orientation data, speed and/or velocity data, acceleration data, or anyother suitable data that may be provided to encryption circuitry 22 froma source external to imaging system 12. In one suitable example,external data 46 may include data generated from sensors that are eitherincluded in electronic device 10 or are external to electronic device10. Such sensors may generate data such as ambient light data andproximity data. In one suitable example in which an imaging system 12 asdescribed herein is incorporated into a vehicle, external data 46 mayinclude information relating to the vehicle, such as vehicle safetyinformation (e.g., airbag deployment information), maintenanceinformation (e.g., a time, date, and location at which a maintenanceservice was performed), and/or vehicle travel information (e.g.,velocity, location, and trip information). External data 46 may beencrypted and embedded into images generated by imaging system 12 toprovide information relating to the source of the images or theenvironment in which the images were captured while guaranteeing thatsuch information originated from imaging system 12 (i.e., the data hasnot been tampered with).

Encryption circuitry 22 may obtain an encryption key such as encryptionkey 24. As discussed above in connection with FIG. 1, encryption key 24may be a private encryption key that is stored on memory such as memory15 (sometimes referred to herein as a memory unit, storage, or a storagemedium) in electronic device 10. Memory 15 may be read-only memory andmay be located on a common chip 13 on which additional components ofimaging system 12 are formed. Encryption key 24 may therefore only beaccessible to components of imaging system 12 that have access to theread-only memory on which encryption key 24 is written (e.g., encryptioncircuitry 22) or at a location external to the imaging system at whichthe encryption key was recorded at the time that it was written. In thismanner, imaging system 12 may uniquely encrypt data using a uniqueencryption key that is only accessible to imaging system 12. If desired,encryption key 24 may be incorporated into any suitable component ofimaging system 12.

In one suitable example, encryption key 24 may be located in an off-chiplocation (e.g., encryption key 24 may be stored in memory that is notlocated in imaging system 12). In such an example, encryption key 24 maybe written to memory that is a component of another portion ofelectronic device 12 (e.g., memory that is included in host subsystem36, such as additional encryption circuitry 42), or may be storedentirely external to electronic device 10. In any case, encryptioncircuitry 22 may access encryption key 24 and use encryption key 24 toencrypt data such as internal data 44 and/or external data 46.

Internal data 44 and/or external data 46 that have been encrypted byencryption circuitry 22 using encryption key 24 may be inaccessible to auser unless the user has access to a key that allows the user to decryptthe encrypted data. In some illustrative embodiments, such a key may bea public key that is available to multiple users and allows anyone whohas access to the public key to decrypt the data encrypted by encryptioncircuitry 22. In such an illustrative example, an asymmetric encryptionalgorithm may be used to generate the private key (i.e., encryption key24) and to generate a public key (i.e., a decryption key) that may beused to decrypt the data encrypted by encryption circuitry 22. In suchan illustrative example, any user with access to the decryption key maybe able to decrypt the data encrypted by encryption circuitry 22, whileonly a user that has access to encryption key 24 may be able to encryptdata using encryption circuitry 22. In the illustrative example in whichencryption key 24 is written to read-only memory that is incorporatedinto imaging system 12, the encryption key 24 is effectively onlyaccessible to encryption circuitry 22. Therefore, data encrypted byencryption circuitry 22 using encryption key 24 may only be accessed bya user with access to the decryption key. This may ensure that the dataencrypted by encryption circuitry 22 is not altered or tampered withprior to reaching a user with access to the decryption key and verifythe source of the data encrypted using encryption key 24.

Image processing and data formatting circuitry 18 may receive image data(e.g., image pixel values) generated by pixels in a pixel array such aspixel array 16 in image sensor 14. Image processing and data formattingcircuitry 18 may perform image processing operations on the image data(e.g., digital image data) such as color correction operations,sharpening operations, compression operations, filtering operations, orany other suitable processing operations that may be performed on imagedata generated by image sensor 14.

Data embedding circuitry 26 may receive data from image processing anddata formatting circuitry 18 and encryption circuitry 22. For example,data embedding circuitry 26 may receive encrypted image metadata (e.g.,internal data 44 or external data 46 that has been encrypted) fromencryption circuitry 22 and/or may receive digital image data (e.g.,image data generated by image sensor 14 and/or image data that has beenprocessed by image processing and data formatting circuitry 18). In onesuitable example, data embedding circuitry 26 may embed encrypted datareceived from encryption circuitry 22 in digital image data receivedfrom image processing and data formatting circuitry 18.

In one suitable scenario, data embedding circuitry 26 may embedencrypted data into digital image data such that the encrypted data isindecipherable from the digital image data.

For example, data embedding circuitry 26 may embed encrypted data intodigital image data in the form of a watermark. In such an example,portions of image pixel data received by data embedding circuitry 26 maybe replaced with encrypted data received from encryption circuitry 22.One or more bits of data, digital image data generated by individualpixels in pixel array 16, or digital image data generated by groups ofpixels in pixel array 16 may be replaced by encrypted data generated byencryption circuitry 22. In such an example, the encrypted data may beembedded into the image data such that the data is undetectable even toa user with access to the image (e.g., the watermark is not visible tothe user). If desired, the visibility of a watermark associated withdigital image data may vary based on the method used to embed theencrypted data in the image. For example, the encrypted data may beembedded in a watermark that is readily visible to a user or that isdifficult to see but still detectable. In general, data may be embeddedin an image watermark having any desired visibility.

In one illustrative example, data embedding circuitry 26 may embedencrypted data into an image header included in the digital image datareceived from image processing and data formatting circuitry 18. In suchan example, the encrypted data (e.g., encrypted metadata) embedded inthe image header may be detectable by a user with access to the digitalimage data. However, because the data is encrypted, only a user withaccess to the public key (e.g., the decryption key) will be able todecrypt and access the embedded data.

In one illustrative example, data embedding circuitry 26 may embedencrypted checksum data into digital image data received from imageprocessing and data formatting circuitry 18. In such an example, thechecksum may be encrypted by encryption circuitry 22 and subsequentlyembedded into digital image data by data embedding circuitry 26. A userwith access to a digital image that includes the encrypted checksum maycheck the encrypted checksum data against data associated with thedigital image. For example, file size and/or file data informationassociated with the digital image data having the encrypted checksumembedded therein may be checked against reference image data (e.g., filesize and/or file data).

For example, checksum data may be calculated for an image that does nothave encrypted data embedded therein. If desired, the checksum data maybe calculated based on information relating to the image (e.g., filesize, file data, etc.). The checksum data may then be encrypted andembedded in the image. Upon receipt of the image including the encryptedchecksum, a user may extract and decrypt the embedded checksum data. Thedecrypted checksum data (e.g., file size data) may then be compared todata related to the image after extraction of the embedded checksum,such as file size data of the image without the embedded checksum (i.e.,file size data that should match the original file size data encryptedin the checksum). The decrypted checksum data may then be compared tothe file size data (or other suitable data) of the image afterextraction of the checksum data to verify that the image was notmodified between the time at which the data was embedded and the time atwhich the data was extracted. In one suitable example, such checksumdata may be used to verify that the image data was not modified evenwhen other encrypted data (e.g., encrypted image header data or otheradditional data that may not be modified when the image data is altered)can be verified.

The example given above, however, is merely illustrative. Generally, anysuitable checksum data may be encrypted and embedded in an image. Ifdesired, a user with access to the decryption key may decrypt thechecksum embedded in the digital image data. The checksum may then beanalyzed in any suitable manner to determine the integrity of the data.Once the checksum has been decrypted, a user may be able to determinethe digital image data has been modified (e.g., if the checksum does notmatch a reference value, a user may be able to determine that thedigital image data has been tampered with).

In one illustrative scenario, data embedding circuitry 26 may embed anencrypted timestamp into digital image data received from imageprocessing and data formatting circuitry 18. Because the timestamp isencrypted, a user with access to the digital image data can verify thatthe timestamp has not been altered or otherwise tampered with. This mayensure the integrity of the timestamp.

The examples described above in are merely illustrative. In general,data embedding circuitry may embed any suitable encrypted data orunencrypted data into image data received from image sensor 14 or imageprocessing and formatting circuitry 18. Data embedding circuitry 26 mayoutput an output image 48 (sometimes referred to herein as an image,final image, encrypted image, final image frame, embedded image, oroutput) that includes the digital image data and the encrypted dataembedded therein. As described in the illustrative scenarios above, dataembedded in the output image 48 may or may not be detectable to a userhaving access to the output image 48. In any case, output image 48 mayinclude encrypted data that can only be accessed or modified using acorresponding decryption key. In this manner, an output image 48 may beprovided with additional data (e.g., image metadata) that is resistantto tampering and that may have its integrity verified by the useraccessing the image.

A diagram of illustrative computing equipment that may extract anddecrypt encrypted data embedded in an image is shown in in FIG. 3. Inthe illustrative example of FIG. 3, an image such as stored image 50(sometimes referred to herein as an output image, image, embedded image,or encrypted image) may be provided. In one illustrative example, storedimage 50 may be an image in which encrypted data has been embedded intothe digital image data, such as output image 48 of FIG. 2. In oneillustrative example, stored image 50 may be stored on electronic device10. For example, stored image 50 may be an image captured by imagingsystem 12 in which encrypted data has been embedded (e.g., usingencryption circuitry 22 and embedding circuitry 26). Stored image 50 maybe stored on electronic device 10 (e.g., stored image 50 may be storedin storage and processing circuitry 40 in host subsystem 36, or in anyother suitable storage medium on electronic device 10). This, however,is merely illustrative. Stored image 50 may be stored on memory that isnot included in electronic device 10 (i.e., memory that is separate fromor external to electronic device 10). In one illustrative example,computing equipment 52 (sometimes referred to herein as a computer,processor, processing system, computing system, or hardware) may includememory suitable to store data such as stored image 50.

As shown in the illustrative example of FIG. 3, computing equipment 52may receive stored image 50. Computing equipment 52 may receive storedimage 50 from electronic device 10, from a source external to electronicdevice 10 and to computing equipment 52, and/or from memory that isincluded in computing equipment 52.

Computing equipment 52 may include a data extraction engine 54(sometimes referred to herein as data extractor, extractor, extractionengine, or data extraction circuitry). Data extraction engine 54 mayinclude a computer-programmable medium that is configured to extractdata such as data that is embedded in stored image 50. In oneillustrative embodiment, extraction engine 54 may include softwarestored thereon. Extraction engine 54 may include any suitable memory(e.g., read-only memory, non-volatile memory, random access memory,removable memory, etc.) and/or processing equipment that may beprogrammed to extract data that is embedded in stored image 50.Extraction engine 54 may include a computer program or othercomputer-executable code, which may be stored on any suitable memoryaccessible by computing equipment 52 to execute the computer program orcomputer-executable code.

Data extraction engine 54 may extract data that is embedded in storedimage 50. In one illustrative example, data extraction engine 54 mayextract data that has been embedded in stored image 50 by data embeddingcircuitry 26 (e.g., encrypted metadata). In such an illustrativeexample, data extraction engine 54 may extract encrypted data fromstored image 50. That is, extraction engine 54 may generate extracteddata (sometimes referred to herein as encrypted data, extractedmetadata, or encrypted metadata) from stored image 50.

For example, data extraction engine 54 may extract encrypted metadatathat was embedded in stored image 50 as a watermark. In such an example,data extraction engine 54 may reveal the presence of data embedded instored image 50 that would not otherwise have been detectable by a userwith access to the image. The data extracted by data extraction engine54 may be encrypted data (e.g., data extraction engine 54 may extractencrypted data and present the encrypted data to a user). However, auser presented with encrypted data may not be able to access or modifythe encrypted data without a suitable key or other means for decryptingthe data.

In one suitable scenario, data extraction engine 54 may extract datathat has been embedded in stored image 50 in the form of an image header(i.e., data extraction engine 54 may generate extracted data). Suchextracted data (i.e., image header data) may include encrypted imagemetadata. Data extraction engine 54 may present the extracted dataincluded in the image header to the user, but the user may not be ableto access or modify the encrypted data.

In one illustrative example, data extraction engine 54 may extractencrypted checksum data that has been embedded in stored image 50 (i.e.,data extraction engine 54 may generate extracted data in the form ofextracted checksum data). In such an illustrative scenario, dataextraction engine 54 may extract the encrypted checksum data from storedimage 50 and present the encrypted checksum data to a user. However, theuser may be unable to access the encrypted checksum data unless the userhas access to an appropriate key with which to decrypt the encryptedchecksum data, such as decryption key 58 (sometimes referred to hereinas a key or public key).

In one illustrative scenario, data extraction engine 54 may extract anencrypted timestamp embedded in stored image 50. Such extracted data(i.e., encrypted timestamp data) that has been extracted from storedimage 50 may not be accessible to a user unless the user is providedwith a suitable key for decrypting the encrypted timestamp, such asdecryption key 58.

Computing equipment 52 may include a decryption engine 56 (sometimesreferred to herein as a decrypter, decryption circuitry, data decrypter,data decryption engine, or data decryption circuitry). Decryption engine56 may include a computer-programmable medium that is configured todecrypt data such as extracted data that has been extracted from storedimage 50 by data extraction engine 54. In one illustrative embodiment,decryption engine 56 may include software stored on computing equipment52. Decryption engine 56 may include any suitable memory (e.g.,read-only memory, non-volatile memory, random access memory, removablememory, etc.) and/or processing circuitry that may be programmed todecrypt encrypted data that is extracted from stored image 50.Decryption engine 56 may include a computer program or othercomputer-executable code, which may be stored on any suitable memoryaccessible by computing equipment 52 to execute the computer program orcomputer-executable code to decrypt encrypted data that has beenextracted from stored image 50.

Decryption engine 56 may be provided with a key such as decryption key58. In one suitable scenario that is sometimes described herein as anexample, decryption key 58 may be a public key generated using anasymmetric encryption algorithm. Decryption key 58 may be configured todecrypt data that has been encrypted by encryption circuitry 22 usingencryption key 24. For example, encryption key 24 and decryption key 58may both be generated by the same asymmetric encryption algorithm. Onlyone copy of encryption key 24 may be available (i.e., encryption key 24may be stored on-chip in imaging system 12 of electronic device 10),whereas multiple copies of public key 58 may be available. In thismanner, data extracted by data extraction engine 54 may only bedecrypted by decryption engine 56 if decryption engine 56 has access topublic key 58.

In one illustrative example, computing equipment 52 may include memory59 on which decryption key 58 is stored (e.g., non-volatile memory,read-only memory, random access memory, one time non-programmablememory, etc.) In some suitable scenarios, decryption key 58 may bestored external to computing equipment 52, such as on an external server(e.g., a key sever) or other suitable storage medium. In oneillustrative example, computing equipment 52 may be provided with accessto decryption key 58 over a wired or wireless connection to the storagemedium on which decryption key 58 is stored.

Decryption engine 56 may use decryption key 58 to decrypt data extractedfrom stored image 50 by data extraction engine 54 to generate decrypteddata such as data 60 (sometimes referred to herein as decrypted data oroutput data). Data 60 may include data such as internal data 44 and/orexternal data 46 (e.g., image metadata). In such an example, decryptionengine 56 may decrypt the extracted data such that the decrypted data isaccessible to the user. This may allow a user to determine theinformation that is included in data 60 and/or to alter such data. Inone illustrative example, data 60 may include data that was embedded instored image 50 in the form of a watermark. Upon decrypting the dataextracted from the watermark in stored image 50, a user may access thedata included in the watermark. In the illustrative example in whichdata extraction engine 54 generated extracted image header data,decryption engine 56 may decrypt encrypted image header data such that auser can access the data stored in the image header. In the illustrativeexample in which the data extracted from stored image 50 includesencrypted checksum data, data 60 generated by decryption engine 56 mayinclude decrypted checksum data. A user may then reference the decryptedchecksum data against a known value to determine whether or not the dataincluded in the checksum has been altered. This may allow a user todetermine the integrity of the data that was encrypted and embedded intostored image 50. In the illustrative example in which stored image 50includes encrypted timestamp data, data 60 generated by decryptioncircuitry 56 may provide decrypted timestamp data to a user. A user maythen be able to determine timestamp information related to the imagethat the user can verify has not been tampered with.

In each of the illustrative examples described above, the encrypted dataembedded in stored image 50 may only be accessible using encryption key24 (which may be stored on-chip in imaging system 12) or decryption key58. In this way, a user with access to data 60 is assured that the data60 has maintained its integrity between the time at which it wasencrypted by encryption circuitry 22 and embedded in an image and thetime at which it was decrypted using decryption engine 56. In a scenarioin which access to the public decryption key 58 is limited, theintegrity of the data included in output image 48 and/or stored image 50may be verified.

For example, a user accessing data 60 may know that data included in animage header extracted from stored image 50 has not been altered orotherwise tampered with. A user accessing data 60 that was extractedfrom a watermark in stored image 50 may be able to verify that thewatermark embedded in stored image 50 is the watermark is original andhas not been modified, as only individuals with decryption key 58 areable to access the data. In one suitable scenario in which the data 60extracted from stored image 50 is an image checksum, a user may be ableto verify that stored image 50 has not been altered or otherwisetampered with by referencing the checksum data against a known referencevalue. If the image has been altered, the checksum data will not matchthe reference value, and the user can determine that the image has beenaltered between the time at which it was embedded with encrypted data inimaging system 12 and the time at which the data 60 was decrypted. Ifthe checksum data matches the reference value, then the user candetermine that the image from which the checksum data was extracted(e.g., stored image 50) was not altered, as an alteration to the imagemay alter the checksum data (i.e., even if the image were tampered with,a user making such a modification would not be able to modify theencrypted checksum such that it would match the reference value afterthe alteration, as the user does not have access to encryption key 24 tore-encrypt the modified data). In this way, the encrypted checksum datamay serve as an indicator of whether an image has been altered or not.In the illustrative example in which encrypted timestamp data isembedded in stored image 50, decrypted data 60 may represent timestampdata that the user can be assured is accurate (i.e., has not beenaltered, as access to decryption key 58 is needed to alter the timestampdata).

A flow chart of illustrative steps that may be performed in generatingan image in which encrypted data may be embedded is shown in FIG. 4.

At step 402, image data may be generated by an imaging system such asimage sensor 14 in electronic device 10. In one illustrative example,the image data may include digital image data, such as digital imagepixel values generated by image pixels in pixel array 16.

At step 404, image data (e.g., image data generated in step 402) may beprocessed, for example, by image processing and data formattingcircuitry 18. Processing the image data may include performing colorcorrection operations, filtering operations, sharpening operations,compression operations, or any other suitable operations that may beperformed on digital image pixel data.

At step 406, data such as internal data 44 and/or external data 46(e.g., image metadata) may be accessed by electronic device 10 (e.g., byencryption circuitry 22). Image metadata may include informationrelating to electronic device 10 and/or imaging system 12 and may beretrieved from memory that is included in electronic device 10. In oneillustrative example, the metadata may include information relating toan environment in which electronic device 10 is operated and may beretrieved from memory or other systems and/or electronic devices thatare external (but may be in communication with) electronic device 10.

At step 408, data such as internal data 44 and/or external data 46 maybe encrypted by encryption circuitry 22 to generate encrypted data.Encryption circuitry 22 may use a private cryptographic key such asencryption key 24 to encrypt the data. Encryption key 24 may be includedon a single chip 13 that also includes other components of imagingsystem 12 such as encryption circuitry 22 and image sensor 14.

At step 410, the encrypted data generated by encryption circuitry 22 instep 408 may be embedded into the digital image data generated by imagesensor 14 in step 402 and/or image processing and data formattingcircuitry 18 in step 404. The encrypted data may be embedded in thedigital image data in the form of an encrypted image header, anencrypted watermark, an encrypted timestamp, an encrypted checksum, orany other suitable form of embedded data.

At step 412, an image including encrypted data embedded in the digitalimage data may be output by imaging system 12. The output image (e.g.,output image 48) may be output to another component of electronic device10 (e.g., a component of host subsystem 36 such as storage andprocessing circuitry 40 or input/output devices 38). In one illustrativeexample, output image 48 may be output to an electronic device or memorythat is external to electronic device 10.

A flow chart of illustrative steps that may be performed to extract anddecrypt encrypted data that is embedded in an image is shown in FIG. 5.

At step 502, an image (e.g., stored image 50) may be retrieved bycomputing equipment 52. Stored image 50 may be an output image 48generated by imaging system 12 that includes encrypted image metadataembedded therein. Depending on the method by which the data wasembedded, the embedded data may not be detectable even to a user withaccess to stored image 50. Stored image 50 may be retrieved from anysuitable location, including from memory included in computing equipment52 or from a source external to computing equipment 52 (e.g., fromelectronic device 10 or from other suitable external memory).

At step 504, data embedded in the image (e.g., stored image 50) accessedin step 502 may be extracted. For example, data extraction engine 54(e.g., computer-executable code stored on memory that is accessible tocomputing equipment 52) may extract encrypted data that is embedded instored image 50.

At step 506, encrypted data extracted in step 504 may be decrypted. Inone illustrative example, the encrypted data extracted in step 504 isdecrypted by decryption engine 56 (e.g., computer-executable code storedon memory that is accessible to computing equipment 52) to generatedecrypted data. Decryption engine 56 may use a public cryptographic keysuch as decryption key 58 to decrypt the data encrypted using encryptionkey 24 in imaging system 12.

At step 508, decrypted data such as data 60 may be output by computingequipment 52. Data 60 may include decrypted data that may be accessed bya user. For example, data 60 may include timestamp data, image checksumdata, an image watermark, or other suitable data that was encrypted andembedded in an image. Because the encrypted data can only be accessedusing decryption key 58, a user may use data 60 to ensure that an imagein which data was embedded was not tampered with or altered.

FIG. 6 shows in simplified form a typical processor system 600, such asa digital camera, which includes an imaging device such as imagingdevice 604 (e.g., an imaging system 12 that may include an image sensor14 and image processing and data formatting circuitry 18). Imagingdevice 604 may further include a pixel array 606, which may include apixel array 16. Processor system 600 is exemplary of a system havingdigital circuits that could include imaging device 604 (which mayinclude, for example, imaging system 12). Without being limiting, such asystem could include a computer system, still or video camera system,scanner, machine vision, vehicle navigation, video phone, surveillancesystem, auto focus system, star tracker system, motion detection system,image stabilization system, and other systems employing an imagingdevice.

Processor system 600, which may be a digital still or video camerasystem, may include a lens such as lens 602 for focusing an image onto apixel array such as pixel array 606 (which may include a pixel array 16)when shutter release button 608 is pressed. Processor system 600 mayinclude a central processing unit such as central processing unit (CPU)610. CPU 610 may be a microprocessor that controls camera functions andone or more image flow functions and communicates with one or moreinput/output (I/O) devices 612 (such as, for example, input/outputdevices 38) over a bus such as bus 614. Imaging device 604 may alsocommunicate with CPU 610 over bus 614. Processor system 600 may includerandom access memory (RAM) 616 and removable memory 618. Removablememory 618 may include flash memory that communicates with CPU 610 overbus 614. Imaging device 604 may be combined with CPU 610, with orwithout memory storage, on a single integrated circuit or on a differentchip. Although bus 614 is illustrated as a single bus, it may be one ormore buses or bridges or other communication paths used to interconnectthe system components.

An imaging system for encrypting and embedding data into images mayinclude an array of image pixels that generate image data in response toimage light, encryption circuitry that receives additional data that isdifferent than the image data and that generates encrypted data byencrypting the additional data using a cryptographic key, and dataembedding circuitry that is configured to embed the encrypted data intothe image data to generate an output image. The imaging system mayinclude image processing circuitry that processes the image datagenerated by the array of image pixels. The data embedding circuitry mayembed the encrypted data into the processed image data.

If desired, the array of image pixels, the encryption circuitry, and thedata embedding circuitry may be formed on a common integrated circuit.Memory may be formed on the common integrated circuit, and thecryptographic key may be stored on the memory. The memory may beone-time programmable memory. The encryption circuitry may retrieve theencryption key from the memory over a communications path formed on thecommon integrated circuit.

If desired, the data embedding circuitry may embed the encrypted data inan image header associated with the output image.

If desired, the data embedding circuitry may embed the encrypted data inan image watermark in the output image. The data embedding circuitry mayreplace at least some of the image data generated by the array of imagepixels with the encrypted data in the output image having the watermark.

If desired, the data embedding circuitry may embed the encrypted data inan image checksum in the output image.

If desired, the data embedding circuitry may embed the encrypted data inan image timestamp in the output image.

A method of generating images that include encrypted data may includecapturing image data in response to light received at an imager on animage sensor integrated circuit, receiving image metadata with anencryption engine on the image sensor integrated circuit, obtaining anencryption key stored on the image sensor integrated circuit with theencryption engine, and encrypting the image metadata using theencryption engine and the encryption key to generate encrypted metadatawith the encryption engine.

If desired, the method may include embedding the encrypted metadata intothe image data using a data embedder on the image sensor integratedcircuit and outputting a final image from the data embedder thatincludes the image data and the encrypted metadata embedded therein.

If desired, receiving the image metadata may include obtaining datastored in a memory unit on the image sensor integrated circuit. Theimage metadata may include information identifying the image sensorintegrated circuit as a source of the image data.

If desired, receiving the image metadata may include obtaining datastored external to the image sensor integrated circuit through acommunications path. The image metadata may include informationindicative of an environment in which the image data was captured.

A system may include a central processing unit, memory, input-outputcircuitry, and an imaging device. The imaging device may include animage sensor chip, an array of image sensor pixels formed on the imagesensor chip, image formatting circuitry formed on the image sensor chip,data encryption hardware formed on the image sensor chip, memory formedon the image sensor chip, and data embedding hardware formed on theimage sensor chip. An encryption key may be stored on the memory.

If desired, the array of image sensor pixels may generate image pixeldata in response to received light, and the image formatting circuitrymay process the image pixel data to generate formatted image data. Thedata encryption hardware may receive data associated with the digitalimage pixel data. The data encryption hardware may encrypt the datausing the encryption key to generate encrypted data. The data embeddinghardware may embed the encrypted data into the formatted image data togenerate an image.

The foregoing is merely illustrative of the principles of this inventionand various modifications can be made by those skilled in the artwithout departing from the scope and spirit of the invention. Theforegoing embodiments may be implemented individually or in anycombination.

What is claimed is:
 1. An imaging system comprising: a silicon imagesensor chip; an array of image pixels on the silicon image sensor chipthat generates image data in response to incident light; a sensor on thesilicon image sensor chip that generates additional data while the arrayof image pixels generates the image data, wherein the additional data isdifferent than the image data; encryption circuitry on the silicon imagesensor chip that encrypts the additional data to generate encrypteddata; and data embedding circuitry on the silicon image sensor chip thatembeds the encrypted data into the image data.
 2. The imaging systemdefined in claim 1, further comprising: image processing circuitry thatprocesses the image data generated by the array of image pixels, whereinthe data embedding circuitry embeds the encrypted data into theprocessed image data.
 3. The imaging system defined in claim 1, whereinthe encryption circuitry encrypts the additional data using acryptographic key, the imaging system further comprising: memory on thesilicon image sensor chip, wherein the cryptographic key is stored inthe memory.
 4. The imaging system defined in claim 3, wherein the memorycomprises one-time programmable memory.
 5. The imaging system defined inclaim 3, wherein the encryption circuitry retrieves the cryptographickey from the memory over a communications path on the silicon imagesensor chip.
 6. The imaging system defined in claim 1, wherein the dataembedding circuitry generates an output image from the encrypted dataand the image data.
 7. The imaging system defined in claim 6, whereinthe data embedding circuitry embeds the encrypted data in an imageheader associated with the output image.
 8. The imaging system definedin claim 6, wherein the data embedding circuitry embeds the encrypteddata in an image checksum in the output image.
 9. The imaging systemdefined in claim 6, wherein the data embedding circuitry embeds theencrypted data in a timestamp in the output image.
 10. The imagingsystem defined in claim 6, wherein the data embedding circuitry embedsthe encrypted data in an image watermark in the output image.
 11. Theimaging system defined in claim 10, wherein the data embedding circuitryreplaces at least some of the image data generated by the array of imagepixels with the encrypted data in the output image.
 12. The imagingsystem defined in claim 1, wherein the sensor comprises a sensorselected from the group consisting of: a motion sensor, a temperaturesensor, and an ambient light sensor.
 13. A method comprising: with animager on a silicon image sensor chip, capturing image data; with asensor on the silicon image sensor chip, generating additional data atthe same time that the imager is capturing the image data; with anencryption engine on the silicon image sensor chip, encrypting theadditional data to generate encrypted additional data; and with a dataembedder on the silicon image sensor chip, embedding the encryptedadditional data into the image data to generate an output image thatincludes the image data and the encrypted additional data.
 14. Themethod defined in claim 13, wherein the sensor is a motion sensor, andwherein generating the additional data comprises generating velocitydata.
 15. The method defined in claim 13, further comprising: with theencryption engine, receiving information about the imager that is storedin a memory unit on the silicon image sensor chip, wherein theinformation about the imager comprises information identifying thesilicon image sensor chip as a source of the image data; with theencryption engine, encrypting the information to generate encryptedinformation; and with the data embedder, embedding the encryptedinformation into the image data.
 16. The method defined in claim 13,further comprising: with the encryption engine, receiving informationstored external to the silicon image sensor chip; with the encryptionengine, encrypting the information to generate encrypted information;and with the data embedder, embedding the encrypted information into theimage data.
 17. The method defined in claim 16, wherein the informationstored external to the silicon image sensor chip comprises informationindicative of an environment in which the image data was captured. 18.An imaging device comprising: a single common silicon image sensor chip;pixels formed on the single common silicon image sensor chip, whereinthe pixels generate image data in response to incident light; a sensorformed on the single common silicon image sensor chip, wherein thesensor generates sensor data while the pixels generate the image data;data encryption hardware formed on the single common silicon imagesensor chip, wherein the data encryption hardware encrypts the sensordata to generate encrypted sensor data; and data embedding hardwareformed on the single common silicon image sensor chip, wherein the dataembedding hardware embeds the encrypted sensor data into the image datato generate an image.
 19. The imaging device defined in claim 18,further comprising: image formatting circuitry formed on the singlecommon silicon image sensor chip, wherein the image formatting circuitryprocesses the image data to generate formatted image data, and whereinthe data embedding hardware embeds the encrypted sensor data into theformatted image data to generate the image.
 20. The imaging devicedefined in claim 18, wherein the sensor comprises a motion sensor, andwherein the sensor data includes velocity data generated by the motionsensor.